1 /*
2 ** Copyright 2008, The Android Open Source Project
3 **
4 ** Licensed under the Apache License, Version 2.0 (the "License");
5 ** you may not use this file except in compliance with the License.
6 ** You may obtain a copy of the License at
7 **
8 **     http://www.apache.org/licenses/LICENSE-2.0
9 **
10 ** Unless required by applicable law or agreed to in writing, software
11 ** distributed under the License is distributed on an "AS IS" BASIS,
12 ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 ** See the License for the specific language governing permissions and
14 ** limitations under the License.
15 */
16 
17 #include "utils.h"
18 
19 #include <errno.h>
20 #include <fcntl.h>
21 #include <fts.h>
22 #include <stdlib.h>
23 #include <sys/capability.h>
24 #include <sys/stat.h>
25 #include <sys/wait.h>
26 #include <sys/xattr.h>
27 #include <sys/statvfs.h>
28 
29 #include <android-base/file.h>
30 #include <android-base/logging.h>
31 #include <android-base/strings.h>
32 #include <android-base/stringprintf.h>
33 #include <android-base/unique_fd.h>
34 #include <cutils/fs.h>
35 #include <cutils/properties.h>
36 #include <log/log.h>
37 #include <private/android_filesystem_config.h>
38 #include <private/android_projectid_config.h>
39 
40 #include "dexopt_return_codes.h"
41 #include "globals.h"  // extern variables.
42 #include "QuotaUtils.h"
43 
44 #ifndef LOG_TAG
45 #define LOG_TAG "installd"
46 #endif
47 
48 #define DEBUG_XATTRS 0
49 
50 using android::base::EndsWith;
51 using android::base::Fdopendir;
52 using android::base::StringPrintf;
53 using android::base::unique_fd;
54 
55 namespace android {
56 namespace installd {
57 
58 /**
59  * Check that given string is valid filename, and that it attempts no
60  * parent or child directory traversal.
61  */
is_valid_filename(const std::string & name)62 bool is_valid_filename(const std::string& name) {
63     if (name.empty() || (name == ".") || (name == "..")
64             || (name.find('/') != std::string::npos)) {
65         return false;
66     } else {
67         return true;
68     }
69 }
70 
check_package_name(const char * package_name)71 static void check_package_name(const char* package_name) {
72     CHECK(is_valid_filename(package_name));
73     CHECK(is_valid_package_name(package_name));
74 }
75 
resolve_ce_path_by_inode_or_fallback(const std::string & root_path,ino_t ce_data_inode,const std::string & fallback)76 static std::string resolve_ce_path_by_inode_or_fallback(const std::string& root_path,
77         ino_t ce_data_inode, const std::string& fallback) {
78     if (ce_data_inode != 0) {
79         DIR* dir = opendir(root_path.c_str());
80         if (dir == nullptr) {
81             PLOG(ERROR) << "Failed to opendir " << root_path;
82             return fallback;
83         }
84 
85         struct dirent* ent;
86         while ((ent = readdir(dir))) {
87             if (ent->d_ino == ce_data_inode) {
88                 auto resolved = StringPrintf("%s/%s", root_path.c_str(), ent->d_name);
89                 if (resolved != fallback) {
90                     LOG(DEBUG) << "Resolved path " << resolved << " for inode " << ce_data_inode
91                             << " instead of " << fallback;
92                 }
93                 closedir(dir);
94                 return resolved;
95             }
96         }
97         LOG(WARNING) << "Failed to resolve inode " << ce_data_inode << "; using " << fallback;
98         closedir(dir);
99         return fallback;
100     } else {
101         return fallback;
102     }
103 }
104 
105 /**
106  * Create the path name where package data should be stored for the given
107  * volume UUID, package name, and user ID. An empty UUID is assumed to be
108  * internal storage.
109  */
create_data_user_ce_package_path(const char * volume_uuid,userid_t user,const char * package_name)110 std::string create_data_user_ce_package_path(const char* volume_uuid,
111         userid_t user, const char* package_name) {
112     check_package_name(package_name);
113     return StringPrintf("%s/%s",
114             create_data_user_ce_path(volume_uuid, user).c_str(), package_name);
115 }
116 
117 /**
118  * Create the path name where package data should be stored for the given
119  * volume UUID, package name, and user ID. An empty UUID is assumed to be
120  * internal storage.
121  * Compared to create_data_user_ce_package_path this method always return the
122  * ".../user/..." directory.
123  */
create_data_user_ce_package_path_as_user_link(const char * volume_uuid,userid_t userid,const char * package_name)124 std::string create_data_user_ce_package_path_as_user_link(
125         const char* volume_uuid, userid_t userid, const char* package_name) {
126     check_package_name(package_name);
127     std::string data(create_data_path(volume_uuid));
128     return StringPrintf("%s/user/%u/%s", data.c_str(), userid, package_name);
129 }
130 
create_data_user_ce_package_path(const char * volume_uuid,userid_t user,const char * package_name,ino_t ce_data_inode)131 std::string create_data_user_ce_package_path(const char* volume_uuid, userid_t user,
132         const char* package_name, ino_t ce_data_inode) {
133     // For testing purposes, rely on the inode when defined; this could be
134     // optimized to use access() in the future.
135     auto fallback = create_data_user_ce_package_path(volume_uuid, user, package_name);
136     auto user_path = create_data_user_ce_path(volume_uuid, user);
137     return resolve_ce_path_by_inode_or_fallback(user_path, ce_data_inode, fallback);
138 }
139 
create_data_user_de_package_path(const char * volume_uuid,userid_t user,const char * package_name)140 std::string create_data_user_de_package_path(const char* volume_uuid,
141         userid_t user, const char* package_name) {
142     check_package_name(package_name);
143     return StringPrintf("%s/%s",
144             create_data_user_de_path(volume_uuid, user).c_str(), package_name);
145 }
146 
create_data_path(const char * volume_uuid)147 std::string create_data_path(const char* volume_uuid) {
148     if (volume_uuid == nullptr) {
149         return "/data";
150     } else if (!strcmp(volume_uuid, "TEST")) {
151         CHECK(property_get_bool("ro.debuggable", false));
152         return "/data/local/tmp";
153     } else {
154         CHECK(is_valid_filename(volume_uuid));
155         return StringPrintf("/mnt/expand/%s", volume_uuid);
156     }
157 }
158 
159 /**
160  * Create the path name for app data.
161  */
create_data_app_path(const char * volume_uuid)162 std::string create_data_app_path(const char* volume_uuid) {
163     return StringPrintf("%s/app", create_data_path(volume_uuid).c_str());
164 }
165 
166 /**
167  * Create the path name for user data for a certain userid.
168  * Keep same implementation as vold to minimize path walking overhead
169  */
create_data_user_ce_path(const char * volume_uuid,userid_t userid)170 std::string create_data_user_ce_path(const char* volume_uuid, userid_t userid) {
171     std::string data(create_data_path(volume_uuid));
172     if (volume_uuid == nullptr && userid == 0) {
173         std::string legacy = StringPrintf("%s/data", data.c_str());
174         struct stat sb;
175         if (lstat(legacy.c_str(), &sb) == 0 && S_ISDIR(sb.st_mode)) {
176             /* /data/data is dir, return /data/data for legacy system */
177             return legacy;
178         }
179     }
180     return StringPrintf("%s/user/%u", data.c_str(), userid);
181 }
182 
183 /**
184  * Create the path name for device encrypted user data for a certain userid.
185  */
create_data_user_de_path(const char * volume_uuid,userid_t userid)186 std::string create_data_user_de_path(const char* volume_uuid, userid_t userid) {
187     std::string data(create_data_path(volume_uuid));
188     return StringPrintf("%s/user_de/%u", data.c_str(), userid);
189 }
190 
create_data_misc_ce_rollback_base_path(const char * volume_uuid,userid_t user)191 std::string create_data_misc_ce_rollback_base_path(const char* volume_uuid, userid_t user) {
192     return StringPrintf("%s/misc_ce/%u/rollback", create_data_path(volume_uuid).c_str(), user);
193 }
194 
create_data_misc_de_rollback_base_path(const char * volume_uuid,userid_t user)195 std::string create_data_misc_de_rollback_base_path(const char* volume_uuid, userid_t user) {
196     return StringPrintf("%s/misc_de/%u/rollback", create_data_path(volume_uuid).c_str(), user);
197 }
198 
create_data_misc_ce_rollback_path(const char * volume_uuid,userid_t user,int32_t snapshot_id)199 std::string create_data_misc_ce_rollback_path(const char* volume_uuid, userid_t user,
200         int32_t snapshot_id) {
201     return StringPrintf("%s/%d", create_data_misc_ce_rollback_base_path(volume_uuid, user).c_str(),
202           snapshot_id);
203 }
204 
create_data_misc_de_rollback_path(const char * volume_uuid,userid_t user,int32_t snapshot_id)205 std::string create_data_misc_de_rollback_path(const char* volume_uuid, userid_t user,
206         int32_t snapshot_id) {
207     return StringPrintf("%s/%d", create_data_misc_de_rollback_base_path(volume_uuid, user).c_str(),
208           snapshot_id);
209 }
210 
create_data_misc_ce_rollback_package_path(const char * volume_uuid,userid_t user,int32_t snapshot_id,const char * package_name)211 std::string create_data_misc_ce_rollback_package_path(const char* volume_uuid,
212         userid_t user, int32_t snapshot_id, const char* package_name) {
213     return StringPrintf("%s/%s",
214            create_data_misc_ce_rollback_path(volume_uuid, user, snapshot_id).c_str(), package_name);
215 }
216 
create_data_misc_ce_rollback_package_path(const char * volume_uuid,userid_t user,int32_t snapshot_id,const char * package_name,ino_t ce_rollback_inode)217 std::string create_data_misc_ce_rollback_package_path(const char* volume_uuid,
218         userid_t user, int32_t snapshot_id, const char* package_name, ino_t ce_rollback_inode) {
219     auto fallback = create_data_misc_ce_rollback_package_path(volume_uuid, user, snapshot_id,
220             package_name);
221     auto user_path = create_data_misc_ce_rollback_path(volume_uuid, user, snapshot_id);
222     return resolve_ce_path_by_inode_or_fallback(user_path, ce_rollback_inode, fallback);
223 }
224 
create_data_misc_de_rollback_package_path(const char * volume_uuid,userid_t user,int32_t snapshot_id,const char * package_name)225 std::string create_data_misc_de_rollback_package_path(const char* volume_uuid,
226         userid_t user, int32_t snapshot_id, const char* package_name) {
227     return StringPrintf("%s/%s",
228            create_data_misc_de_rollback_path(volume_uuid, user, snapshot_id).c_str(), package_name);
229 }
230 
231 /**
232  * Create the path name for media for a certain userid.
233  */
create_data_media_path(const char * volume_uuid,userid_t userid)234 std::string create_data_media_path(const char* volume_uuid, userid_t userid) {
235     return StringPrintf("%s/media/%u", create_data_path(volume_uuid).c_str(), userid);
236 }
237 
create_data_media_package_path(const char * volume_uuid,userid_t userid,const char * data_type,const char * package_name)238 std::string create_data_media_package_path(const char* volume_uuid, userid_t userid,
239         const char* data_type, const char* package_name) {
240     return StringPrintf("%s/Android/%s/%s", create_data_media_path(volume_uuid, userid).c_str(),
241             data_type, package_name);
242 }
243 
create_data_misc_legacy_path(userid_t userid)244 std::string create_data_misc_legacy_path(userid_t userid) {
245     return StringPrintf("%s/misc/user/%u", create_data_path(nullptr).c_str(), userid);
246 }
247 
create_primary_cur_profile_dir_path(userid_t userid)248 std::string create_primary_cur_profile_dir_path(userid_t userid) {
249     return StringPrintf("%s/cur/%u", android_profiles_dir.c_str(), userid);
250 }
251 
create_primary_current_profile_package_dir_path(userid_t user,const std::string & package_name)252 std::string create_primary_current_profile_package_dir_path(userid_t user,
253         const std::string& package_name) {
254     check_package_name(package_name.c_str());
255     return StringPrintf("%s/%s",
256             create_primary_cur_profile_dir_path(user).c_str(), package_name.c_str());
257 }
258 
create_primary_ref_profile_dir_path()259 std::string create_primary_ref_profile_dir_path() {
260     return StringPrintf("%s/ref", android_profiles_dir.c_str());
261 }
262 
create_primary_reference_profile_package_dir_path(const std::string & package_name)263 std::string create_primary_reference_profile_package_dir_path(const std::string& package_name) {
264     check_package_name(package_name.c_str());
265     return StringPrintf("%s/ref/%s", android_profiles_dir.c_str(), package_name.c_str());
266 }
267 
create_data_dalvik_cache_path()268 std::string create_data_dalvik_cache_path() {
269     return "/data/dalvik-cache";
270 }
271 
create_system_user_ce_path(userid_t userId)272 std::string create_system_user_ce_path(userid_t userId) {
273     return StringPrintf("%s/system_ce/%u", create_data_path(nullptr).c_str(), userId);
274 }
275 
create_system_user_ce_package_path(userid_t userId,const char * package_name)276 std::string create_system_user_ce_package_path(userid_t userId, const char* package_name) {
277     check_package_name(package_name);
278     return StringPrintf("%s/%s", create_system_user_ce_path(userId).c_str(), package_name);
279 }
280 
281 // Keep profile paths in sync with ActivityThread and LoadedApk.
282 const std::string PROFILE_EXT = ".prof";
283 const std::string CURRENT_PROFILE_EXT = ".cur";
284 const std::string SNAPSHOT_PROFILE_EXT = ".snapshot";
285 
286 // Gets the parent directory and the file name for the given secondary dex path.
287 // Returns true on success, false on failure (if the dex_path does not have the expected
288 // structure).
get_secondary_dex_location(const std::string & dex_path,std::string * out_dir_name,std::string * out_file_name)289 static bool get_secondary_dex_location(const std::string& dex_path,
290         std::string* out_dir_name, std::string* out_file_name) {
291    size_t dirIndex = dex_path.rfind('/');
292    if (dirIndex == std::string::npos) {
293         return false;
294    }
295    if (dirIndex == dex_path.size() - 1) {
296         return false;
297    }
298    *out_dir_name = dex_path.substr(0, dirIndex);
299    *out_file_name = dex_path.substr(dirIndex + 1);
300 
301    return true;
302 }
303 
create_current_profile_path(userid_t user,const std::string & package_name,const std::string & location,bool is_secondary_dex)304 std::string create_current_profile_path(userid_t user, const std::string& package_name,
305         const std::string& location, bool is_secondary_dex) {
306     if (is_secondary_dex) {
307         // Secondary dex current profiles are stored next to the dex files under the oat folder.
308         std::string dex_dir;
309         std::string dex_name;
310         CHECK(get_secondary_dex_location(location, &dex_dir, &dex_name))
311                 << "Unexpected dir structure for secondary dex " << location;
312         return StringPrintf("%s/oat/%s%s%s",
313                 dex_dir.c_str(), dex_name.c_str(), CURRENT_PROFILE_EXT.c_str(),
314                 PROFILE_EXT.c_str());
315     } else {
316         // Profiles for primary apks are under /data/misc/profiles/cur.
317         std::string profile_dir = create_primary_current_profile_package_dir_path(
318                 user, package_name);
319         return StringPrintf("%s/%s", profile_dir.c_str(), location.c_str());
320     }
321 }
322 
create_reference_profile_path(const std::string & package_name,const std::string & location,bool is_secondary_dex)323 std::string create_reference_profile_path(const std::string& package_name,
324         const std::string& location, bool is_secondary_dex) {
325     if (is_secondary_dex) {
326         // Secondary dex reference profiles are stored next to the dex files under the oat folder.
327         std::string dex_dir;
328         std::string dex_name;
329         CHECK(get_secondary_dex_location(location, &dex_dir, &dex_name))
330                 << "Unexpected dir structure for secondary dex " << location;
331         return StringPrintf("%s/oat/%s%s",
332                 dex_dir.c_str(), dex_name.c_str(), PROFILE_EXT.c_str());
333     } else {
334         // Reference profiles for primary apks are stored in /data/misc/profile/ref.
335         std::string profile_dir = create_primary_reference_profile_package_dir_path(package_name);
336         return StringPrintf("%s/%s", profile_dir.c_str(), location.c_str());
337     }
338 }
339 
create_snapshot_profile_path(const std::string & package,const std::string & profile_name)340 std::string create_snapshot_profile_path(const std::string& package,
341         const std::string& profile_name) {
342     std::string ref_profile = create_reference_profile_path(package, profile_name,
343             /*is_secondary_dex*/ false);
344     return ref_profile + SNAPSHOT_PROFILE_EXT;
345 }
346 
get_known_users(const char * volume_uuid)347 std::vector<userid_t> get_known_users(const char* volume_uuid) {
348     std::vector<userid_t> users;
349 
350     // We always have an owner
351     users.push_back(0);
352 
353     std::string path(create_data_path(volume_uuid) + "/" + SECONDARY_USER_PREFIX);
354     DIR* dir = opendir(path.c_str());
355     if (dir == nullptr) {
356         // Unable to discover other users, but at least return owner
357         PLOG(ERROR) << "Failed to opendir " << path;
358         return users;
359     }
360 
361     struct dirent* ent;
362     while ((ent = readdir(dir))) {
363         if (ent->d_type != DT_DIR) {
364             continue;
365         }
366 
367         char* end;
368         userid_t user = strtol(ent->d_name, &end, 10);
369         if (*end == '\0' && user != 0) {
370             LOG(DEBUG) << "Found valid user " << user;
371             users.push_back(user);
372         }
373     }
374     closedir(dir);
375 
376     return users;
377 }
378 
calculate_tree_size(const std::string & path,int64_t * size,int32_t include_gid,int32_t exclude_gid,bool exclude_apps)379 int calculate_tree_size(const std::string& path, int64_t* size,
380         int32_t include_gid, int32_t exclude_gid, bool exclude_apps) {
381     FTS *fts;
382     FTSENT *p;
383     int64_t matchedSize = 0;
384     char *argv[] = { (char*) path.c_str(), nullptr };
385     if (!(fts = fts_open(argv, FTS_PHYSICAL | FTS_NOCHDIR | FTS_XDEV, nullptr))) {
386         if (errno != ENOENT) {
387             PLOG(ERROR) << "Failed to fts_open " << path;
388         }
389         return -1;
390     }
391     while ((p = fts_read(fts)) != nullptr) {
392         switch (p->fts_info) {
393         case FTS_D:
394         case FTS_DEFAULT:
395         case FTS_F:
396         case FTS_SL:
397         case FTS_SLNONE:
398             int32_t uid = p->fts_statp->st_uid;
399             int32_t gid = p->fts_statp->st_gid;
400             int32_t user_uid = multiuser_get_app_id(uid);
401             int32_t user_gid = multiuser_get_app_id(gid);
402             if (exclude_apps && ((user_uid >= AID_APP_START && user_uid <= AID_APP_END)
403                     || (user_gid >= AID_CACHE_GID_START && user_gid <= AID_CACHE_GID_END)
404                     || (user_gid >= AID_SHARED_GID_START && user_gid <= AID_SHARED_GID_END))) {
405                 // Don't traverse inside or measure
406                 fts_set(fts, p, FTS_SKIP);
407                 break;
408             }
409             if (include_gid != -1 && gid != include_gid) {
410                 break;
411             }
412             if (exclude_gid != -1 && gid == exclude_gid) {
413                 break;
414             }
415             matchedSize += (p->fts_statp->st_blocks * 512);
416             break;
417         }
418     }
419     fts_close(fts);
420 #if MEASURE_DEBUG
421     if ((include_gid == -1) && (exclude_gid == -1)) {
422         LOG(DEBUG) << "Measured " << path << " size " << matchedSize;
423     } else {
424         LOG(DEBUG) << "Measured " << path << " size " << matchedSize << "; include " << include_gid
425                 << " exclude " << exclude_gid;
426     }
427 #endif
428     *size += matchedSize;
429     return 0;
430 }
431 
432 /**
433  * Checks whether the package name is valid. Returns -1 on error and
434  * 0 on success.
435  */
is_valid_package_name(const std::string & packageName)436 bool is_valid_package_name(const std::string& packageName) {
437     // This logic is borrowed from PackageParser.java
438     bool hasSep = false;
439     bool front = true;
440 
441     auto it = packageName.begin();
442     for (; it != packageName.end() && *it != '-'; it++) {
443         char c = *it;
444         if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')) {
445             front = false;
446             continue;
447         }
448         if (!front) {
449             if ((c >= '0' && c <= '9') || c == '_') {
450                 continue;
451             }
452         }
453         if (c == '.') {
454             hasSep = true;
455             front = true;
456             continue;
457         }
458         LOG(WARNING) << "Bad package character " << c << " in " << packageName;
459         return false;
460     }
461 
462     if (front) {
463         LOG(WARNING) << "Missing separator in " << packageName;
464         return false;
465     }
466 
467     for (; it != packageName.end(); it++) {
468         char c = *it;
469         if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')) continue;
470         if ((c >= '0' && c <= '9') || c == '_' || c == '-' || c == '=') continue;
471         LOG(WARNING) << "Bad suffix character " << c << " in " << packageName;
472         return false;
473     }
474 
475     return true;
476 }
477 
_delete_dir_contents(DIR * d,int (* exclusion_predicate)(const char * name,const int is_dir))478 static int _delete_dir_contents(DIR *d,
479                                 int (*exclusion_predicate)(const char *name, const int is_dir))
480 {
481     int result = 0;
482     struct dirent *de;
483     int dfd;
484 
485     dfd = dirfd(d);
486 
487     if (dfd < 0) return -1;
488 
489     while ((de = readdir(d))) {
490         const char *name = de->d_name;
491 
492             /* check using the exclusion predicate, if provided */
493         if (exclusion_predicate && exclusion_predicate(name, (de->d_type == DT_DIR))) {
494             continue;
495         }
496 
497         if (de->d_type == DT_DIR) {
498             int subfd;
499             DIR *subdir;
500 
501                 /* always skip "." and ".." */
502             if (name[0] == '.') {
503                 if (name[1] == 0) continue;
504                 if ((name[1] == '.') && (name[2] == 0)) continue;
505             }
506 
507             subfd = openat(dfd, name, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
508             if (subfd < 0) {
509                 ALOGE("Couldn't openat %s: %s\n", name, strerror(errno));
510                 result = -1;
511                 continue;
512             }
513             subdir = fdopendir(subfd);
514             if (subdir == nullptr) {
515                 ALOGE("Couldn't fdopendir %s: %s\n", name, strerror(errno));
516                 close(subfd);
517                 result = -1;
518                 continue;
519             }
520             if (_delete_dir_contents(subdir, exclusion_predicate)) {
521                 result = -1;
522             }
523             closedir(subdir);
524             if (unlinkat(dfd, name, AT_REMOVEDIR) < 0) {
525                 ALOGE("Couldn't unlinkat %s: %s\n", name, strerror(errno));
526                 result = -1;
527             }
528         } else {
529             if (unlinkat(dfd, name, 0) < 0) {
530                 ALOGE("Couldn't unlinkat %s: %s\n", name, strerror(errno));
531                 result = -1;
532             }
533         }
534     }
535 
536     return result;
537 }
538 
create_dir_if_needed(const std::string & pathname,mode_t perms)539 int create_dir_if_needed(const std::string& pathname, mode_t perms) {
540     struct stat st;
541 
542     int rc;
543     if ((rc = stat(pathname.c_str(), &st)) != 0) {
544         if (errno == ENOENT) {
545             return mkdir(pathname.c_str(), perms);
546         } else {
547             return rc;
548         }
549     } else if (!S_ISDIR(st.st_mode)) {
550         LOG(DEBUG) << pathname << " is not a folder";
551         return -1;
552     }
553 
554     mode_t actual_perms = st.st_mode & ALLPERMS;
555     if (actual_perms != perms) {
556         LOG(WARNING) << pathname << " permissions " << actual_perms << " expected " << perms;
557         return -1;
558     }
559 
560     return 0;
561 }
562 
delete_dir_contents(const std::string & pathname,bool ignore_if_missing)563 int delete_dir_contents(const std::string& pathname, bool ignore_if_missing) {
564     return delete_dir_contents(pathname.c_str(), 0, nullptr, ignore_if_missing);
565 }
566 
delete_dir_contents_and_dir(const std::string & pathname,bool ignore_if_missing)567 int delete_dir_contents_and_dir(const std::string& pathname, bool ignore_if_missing) {
568     return delete_dir_contents(pathname.c_str(), 1, nullptr, ignore_if_missing);
569 }
570 
delete_dir_contents(const char * pathname,int also_delete_dir,int (* exclusion_predicate)(const char *,const int),bool ignore_if_missing)571 int delete_dir_contents(const char *pathname,
572                         int also_delete_dir,
573                         int (*exclusion_predicate)(const char*, const int),
574                         bool ignore_if_missing)
575 {
576     int res = 0;
577     DIR *d;
578 
579     d = opendir(pathname);
580     if (d == nullptr) {
581         if (ignore_if_missing && (errno == ENOENT)) {
582             return 0;
583         }
584         ALOGE("Couldn't opendir %s: %s\n", pathname, strerror(errno));
585         return -errno;
586     }
587     res = _delete_dir_contents(d, exclusion_predicate);
588     closedir(d);
589     if (also_delete_dir) {
590         if (rmdir(pathname)) {
591             ALOGE("Couldn't rmdir %s: %s\n", pathname, strerror(errno));
592             res = -1;
593         }
594     }
595     return res;
596 }
597 
delete_dir_contents_fd(int dfd,const char * name)598 int delete_dir_contents_fd(int dfd, const char *name)
599 {
600     int fd, res;
601     DIR *d;
602 
603     fd = openat(dfd, name, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
604     if (fd < 0) {
605         ALOGE("Couldn't openat %s: %s\n", name, strerror(errno));
606         return -1;
607     }
608     d = fdopendir(fd);
609     if (d == nullptr) {
610         ALOGE("Couldn't fdopendir %s: %s\n", name, strerror(errno));
611         close(fd);
612         return -1;
613     }
614     res = _delete_dir_contents(d, nullptr);
615     closedir(d);
616     return res;
617 }
618 
_copy_owner_permissions(int srcfd,int dstfd)619 static int _copy_owner_permissions(int srcfd, int dstfd)
620 {
621     struct stat st;
622     if (fstat(srcfd, &st) != 0) {
623         return -1;
624     }
625     if (fchmod(dstfd, st.st_mode) != 0) {
626         return -1;
627     }
628     return 0;
629 }
630 
_copy_dir_files(int sdfd,int ddfd,uid_t owner,gid_t group)631 static int _copy_dir_files(int sdfd, int ddfd, uid_t owner, gid_t group)
632 {
633     int result = 0;
634     if (_copy_owner_permissions(sdfd, ddfd) != 0) {
635         ALOGE("_copy_dir_files failed to copy dir permissions\n");
636     }
637     if (fchown(ddfd, owner, group) != 0) {
638         ALOGE("_copy_dir_files failed to change dir owner\n");
639     }
640 
641     DIR *ds = fdopendir(sdfd);
642     if (ds == nullptr) {
643         ALOGE("Couldn't fdopendir: %s\n", strerror(errno));
644         return -1;
645     }
646     struct dirent *de;
647     while ((de = readdir(ds))) {
648         if (de->d_type != DT_REG) {
649             continue;
650         }
651 
652         const char *name = de->d_name;
653         int fsfd = openat(sdfd, name, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
654         int fdfd = openat(ddfd, name, O_WRONLY | O_NOFOLLOW | O_CLOEXEC | O_CREAT, 0600);
655         if (fsfd == -1 || fdfd == -1) {
656             ALOGW("Couldn't copy %s: %s\n", name, strerror(errno));
657         } else {
658             if (_copy_owner_permissions(fsfd, fdfd) != 0) {
659                 ALOGE("Failed to change file permissions\n");
660             }
661             if (fchown(fdfd, owner, group) != 0) {
662                 ALOGE("Failed to change file owner\n");
663             }
664 
665             char buf[8192];
666             ssize_t size;
667             while ((size = read(fsfd, buf, sizeof(buf))) > 0) {
668                 write(fdfd, buf, size);
669             }
670             if (size < 0) {
671                 ALOGW("Couldn't copy %s: %s\n", name, strerror(errno));
672                 result = -1;
673             }
674         }
675         close(fdfd);
676         close(fsfd);
677     }
678 
679     return result;
680 }
681 
copy_dir_files(const char * srcname,const char * dstname,uid_t owner,uid_t group)682 int copy_dir_files(const char *srcname,
683                    const char *dstname,
684                    uid_t owner,
685                    uid_t group)
686 {
687     int res = 0;
688     DIR *ds = nullptr;
689     DIR *dd = nullptr;
690 
691     ds = opendir(srcname);
692     if (ds == nullptr) {
693         ALOGE("Couldn't opendir %s: %s\n", srcname, strerror(errno));
694         return -errno;
695     }
696 
697     mkdir(dstname, 0600);
698     dd = opendir(dstname);
699     if (dd == nullptr) {
700         ALOGE("Couldn't opendir %s: %s\n", dstname, strerror(errno));
701         closedir(ds);
702         return -errno;
703     }
704 
705     int sdfd = dirfd(ds);
706     int ddfd = dirfd(dd);
707     if (sdfd != -1 && ddfd != -1) {
708         res = _copy_dir_files(sdfd, ddfd, owner, group);
709     } else {
710         res = -errno;
711     }
712     closedir(dd);
713     closedir(ds);
714     return res;
715 }
716 
data_disk_free(const std::string & data_path)717 int64_t data_disk_free(const std::string& data_path) {
718     struct statvfs sfs;
719     if (statvfs(data_path.c_str(), &sfs) == 0) {
720         return static_cast<int64_t>(sfs.f_bavail) * sfs.f_frsize;
721     } else {
722         PLOG(ERROR) << "Couldn't statvfs " << data_path;
723         return -1;
724     }
725 }
726 
get_path_inode(const std::string & path,ino_t * inode)727 int get_path_inode(const std::string& path, ino_t *inode) {
728     struct stat buf;
729     memset(&buf, 0, sizeof(buf));
730     if (stat(path.c_str(), &buf) != 0) {
731         PLOG(WARNING) << "Failed to stat " << path;
732         return -1;
733     } else {
734         *inode = buf.st_ino;
735         return 0;
736     }
737 }
738 
739 /**
740  * Write the inode of a specific child file into the given xattr on the
741  * parent directory. This allows you to find the child later, even if its
742  * name is encrypted.
743  */
write_path_inode(const std::string & parent,const char * name,const char * inode_xattr)744 int write_path_inode(const std::string& parent, const char* name, const char* inode_xattr) {
745     ino_t inode = 0;
746     uint64_t inode_raw = 0;
747     auto path = StringPrintf("%s/%s", parent.c_str(), name);
748 
749     if (get_path_inode(path, &inode) != 0) {
750         // Path probably doesn't exist yet; ignore
751         return 0;
752     }
753 
754     // Check to see if already set correctly
755     if (getxattr(parent.c_str(), inode_xattr, &inode_raw, sizeof(inode_raw)) == sizeof(inode_raw)) {
756         if (inode_raw == inode) {
757             // Already set correctly; skip writing
758             return 0;
759         } else {
760             PLOG(WARNING) << "Mismatched inode value; found " << inode
761                     << " on disk but marked value was " << inode_raw << "; overwriting";
762         }
763     }
764 
765     inode_raw = inode;
766     if (setxattr(parent.c_str(), inode_xattr, &inode_raw, sizeof(inode_raw), 0) != 0 && errno != EOPNOTSUPP) {
767         PLOG(ERROR) << "Failed to write xattr " << inode_xattr << " at " << parent;
768         return -1;
769     } else {
770         return 0;
771     }
772 }
773 
774 /**
775  * Read the inode of a specific child file from the given xattr on the
776  * parent directory. Returns a currently valid path for that child, which
777  * might have an encrypted name.
778  */
read_path_inode(const std::string & parent,const char * name,const char * inode_xattr)779 std::string read_path_inode(const std::string& parent, const char* name, const char* inode_xattr) {
780     ino_t inode = 0;
781     uint64_t inode_raw = 0;
782     auto fallback = StringPrintf("%s/%s", parent.c_str(), name);
783 
784     // Lookup the inode value written earlier
785     if (getxattr(parent.c_str(), inode_xattr, &inode_raw, sizeof(inode_raw)) == sizeof(inode_raw)) {
786         inode = inode_raw;
787     }
788 
789     // For testing purposes, rely on the inode when defined; this could be
790     // optimized to use access() in the future.
791     if (inode != 0) {
792         DIR* dir = opendir(parent.c_str());
793         if (dir == nullptr) {
794             PLOG(ERROR) << "Failed to opendir " << parent;
795             return fallback;
796         }
797 
798         struct dirent* ent;
799         while ((ent = readdir(dir))) {
800             if (ent->d_ino == inode) {
801                 auto resolved = StringPrintf("%s/%s", parent.c_str(), ent->d_name);
802 #if DEBUG_XATTRS
803                 if (resolved != fallback) {
804                     LOG(DEBUG) << "Resolved path " << resolved << " for inode " << inode
805                             << " instead of " << fallback;
806                 }
807 #endif
808                 closedir(dir);
809                 return resolved;
810             }
811         }
812         LOG(WARNING) << "Failed to resolve inode " << inode << "; using " << fallback;
813         closedir(dir);
814         return fallback;
815     } else {
816         return fallback;
817     }
818 }
819 
remove_path_xattr(const std::string & path,const char * inode_xattr)820 void remove_path_xattr(const std::string& path, const char* inode_xattr) {
821     if (removexattr(path.c_str(), inode_xattr) && errno != ENODATA) {
822         PLOG(ERROR) << "Failed to remove xattr " << inode_xattr << " at " << path;
823     }
824 }
825 
826 /**
827  * Validate that the path is valid in the context of the provided directory.
828  * The path is allowed to have at most one subdirectory and no indirections
829  * to top level directories (i.e. have "..").
830  */
validate_path(const std::string & dir,const std::string & path,int maxSubdirs)831 static int validate_path(const std::string& dir, const std::string& path, int maxSubdirs) {
832     // Argument sanity checking
833     if (dir.find('/') != 0 || dir.rfind('/') != dir.size() - 1
834             || dir.find("..") != std::string::npos) {
835         LOG(ERROR) << "Invalid directory " << dir;
836         return -1;
837     }
838     if (path.find("..") != std::string::npos) {
839         LOG(ERROR) << "Invalid path " << path;
840         return -1;
841     }
842 
843     if (path.compare(0, dir.size(), dir) != 0) {
844         // Common case, path isn't under directory
845         return -1;
846     }
847 
848     // Count number of subdirectories
849     auto pos = path.find('/', dir.size());
850     int count = 0;
851     while (pos != std::string::npos) {
852         auto next = path.find('/', pos + 1);
853         if (next > pos + 1) {
854             count++;
855         }
856         pos = next;
857     }
858 
859     if (count > maxSubdirs) {
860         LOG(ERROR) << "Invalid path depth " << path << " when tested against " << dir;
861         return -1;
862     }
863 
864     return 0;
865 }
866 
867 /**
868  * Checks whether a path points to a system app (.apk file). Returns 0
869  * if it is a system app or -1 if it is not.
870  */
validate_system_app_path(const char * path)871 int validate_system_app_path(const char* path) {
872     std::string path_ = path;
873     for (const auto& dir : android_system_dirs) {
874         if (validate_path(dir, path, 1) == 0) {
875             return 0;
876         }
877     }
878     return -1;
879 }
880 
validate_secondary_dex_path(const std::string & pkgname,const std::string & dex_path,const char * volume_uuid,int uid,int storage_flag)881 bool validate_secondary_dex_path(const std::string& pkgname, const std::string& dex_path,
882         const char* volume_uuid, int uid, int storage_flag) {
883     CHECK(storage_flag == FLAG_STORAGE_CE || storage_flag == FLAG_STORAGE_DE);
884 
885     // Empty paths are not allowed.
886     if (dex_path.empty()) { return false; }
887     // First character should always be '/'. No relative paths.
888     if (dex_path[0] != '/') { return false; }
889     // The last character should not be '/'.
890     if (dex_path[dex_path.size() - 1] == '/') { return false; }
891     // There should be no '.' after the directory marker.
892     if (dex_path.find("/.") != std::string::npos) { return false; }
893     // The path should be at most PKG_PATH_MAX long.
894     if (dex_path.size() > PKG_PATH_MAX) { return false; }
895 
896     // The dex_path should be under the app data directory.
897     std::string app_private_dir = storage_flag == FLAG_STORAGE_CE
898             ? create_data_user_ce_package_path(
899                     volume_uuid, multiuser_get_user_id(uid), pkgname.c_str())
900             : create_data_user_de_package_path(
901                     volume_uuid, multiuser_get_user_id(uid), pkgname.c_str());
902 
903     if (strncmp(dex_path.c_str(), app_private_dir.c_str(), app_private_dir.size()) != 0) {
904         // The check above might fail if the dex file is accessed via the /data/user/0 symlink.
905         // If that's the case, attempt to validate against the user data link.
906         std::string app_private_dir_symlink = create_data_user_ce_package_path_as_user_link(
907                 volume_uuid, multiuser_get_user_id(uid), pkgname.c_str());
908         if (strncmp(dex_path.c_str(), app_private_dir_symlink.c_str(),
909                 app_private_dir_symlink.size()) != 0) {
910             return false;
911         }
912     }
913 
914     // If we got here we have a valid path.
915     return true;
916 }
917 
918 /**
919  * Check whether path points to a valid path for an APK file. The path must
920  * begin with a whitelisted prefix path and must be no deeper than |maxSubdirs| within
921  * that path. Returns -1 when an invalid path is encountered and 0 when a valid path
922  * is encountered.
923  */
validate_apk_path_internal(const std::string & path,int maxSubdirs)924 static int validate_apk_path_internal(const std::string& path, int maxSubdirs) {
925     if (validate_path(android_app_dir, path, maxSubdirs) == 0) {
926         return 0;
927     } else if (validate_path(android_staging_dir, path, maxSubdirs) == 0) {
928         return 0;
929     } else if (validate_path(android_app_private_dir, path, maxSubdirs) == 0) {
930         return 0;
931     } else if (validate_path(android_app_ephemeral_dir, path, maxSubdirs) == 0) {
932         return 0;
933     } else if (validate_path(android_asec_dir, path, maxSubdirs) == 0) {
934         return 0;
935     } else if (android::base::StartsWith(path, android_mnt_expand_dir)) {
936         // Rewrite the path as if it were on internal storage, and test that
937         size_t end = path.find('/', android_mnt_expand_dir.size() + 1);
938         if (end != std::string::npos) {
939             auto modified = path;
940             modified.replace(0, end + 1, android_data_dir);
941             return validate_apk_path_internal(modified, maxSubdirs);
942         }
943     }
944     return -1;
945 }
946 
validate_apk_path(const char * path)947 int validate_apk_path(const char* path) {
948     return validate_apk_path_internal(path, 2 /* maxSubdirs */);
949 }
950 
validate_apk_path_subdirs(const char * path)951 int validate_apk_path_subdirs(const char* path) {
952     return validate_apk_path_internal(path, 4 /* maxSubdirs */);
953 }
954 
ensure_config_user_dirs(userid_t userid)955 int ensure_config_user_dirs(userid_t userid) {
956     // writable by system, readable by any app within the same user
957     const int uid = multiuser_get_uid(userid, AID_SYSTEM);
958     const int gid = multiuser_get_uid(userid, AID_EVERYBODY);
959 
960     // Ensure /data/misc/user/<userid> exists
961     auto path = create_data_misc_legacy_path(userid);
962     return fs_prepare_dir(path.c_str(), 0750, uid, gid);
963 }
964 
wait_child(pid_t pid)965 int wait_child(pid_t pid)
966 {
967     int status;
968     pid_t got_pid;
969 
970     while (1) {
971         got_pid = waitpid(pid, &status, 0);
972         if (got_pid == -1 && errno == EINTR) {
973             printf("waitpid interrupted, retrying\n");
974         } else {
975             break;
976         }
977     }
978     if (got_pid != pid) {
979         ALOGW("waitpid failed: wanted %d, got %d: %s\n",
980             (int) pid, (int) got_pid, strerror(errno));
981         return 1;
982     }
983 
984     if (WIFEXITED(status) && WEXITSTATUS(status) == 0) {
985         return 0;
986     } else {
987         return status;      /* always nonzero */
988     }
989 }
990 
991 /**
992  * Prepare an app cache directory, which offers to fix-up the GID and
993  * directory mode flags during a platform upgrade.
994  * The app cache directory path will be 'parent'/'name'.
995  */
prepare_app_cache_dir(const std::string & parent,const char * name,mode_t target_mode,uid_t uid,gid_t gid)996 int prepare_app_cache_dir(const std::string& parent, const char* name, mode_t target_mode,
997         uid_t uid, gid_t gid) {
998     auto path = StringPrintf("%s/%s", parent.c_str(), name);
999     struct stat st;
1000     if (stat(path.c_str(), &st) != 0) {
1001         if (errno == ENOENT) {
1002             // This is fine, just create it
1003             if (fs_prepare_dir_strict(path.c_str(), target_mode, uid, gid) != 0) {
1004                 PLOG(ERROR) << "Failed to prepare " << path;
1005                 return -1;
1006             } else {
1007                 return 0;
1008             }
1009         } else {
1010             PLOG(ERROR) << "Failed to stat " << path;
1011             return -1;
1012         }
1013     }
1014 
1015     mode_t actual_mode = st.st_mode & (S_IRWXU | S_IRWXG | S_IRWXO | S_ISGID);
1016     if (st.st_uid != uid) {
1017         // Mismatched UID is real trouble; we can't recover
1018         LOG(ERROR) << "Mismatched UID at " << path << ": found " << st.st_uid
1019                 << " but expected " << uid;
1020         return -1;
1021     } else if (st.st_gid == gid && actual_mode == target_mode) {
1022         // Everything looks good!
1023         return 0;
1024     } else {
1025         // Mismatched GID/mode is recoverable; fall through to update
1026         LOG(DEBUG) << "Mismatched cache GID/mode at " << path << ": found " << st.st_gid
1027                 << "/" << actual_mode << " but expected " << gid << "/" << target_mode;
1028     }
1029 
1030     // Directory is owned correctly, but GID or mode mismatch means it's
1031     // probably a platform upgrade so we need to fix them
1032     FTS *fts;
1033     FTSENT *p;
1034     char *argv[] = { (char*) path.c_str(), nullptr };
1035     if (!(fts = fts_open(argv, FTS_PHYSICAL | FTS_NOCHDIR | FTS_XDEV, nullptr))) {
1036         PLOG(ERROR) << "Failed to fts_open " << path;
1037         return -1;
1038     }
1039     while ((p = fts_read(fts)) != nullptr) {
1040         switch (p->fts_info) {
1041         case FTS_DP:
1042             if (chmod(p->fts_path, target_mode) != 0) {
1043                 PLOG(WARNING) << "Failed to chmod " << p->fts_path;
1044             }
1045             [[fallthrough]]; // to also set GID
1046         case FTS_F:
1047             if (chown(p->fts_path, -1, gid) != 0) {
1048                 PLOG(WARNING) << "Failed to chown " << p->fts_path;
1049             }
1050             break;
1051         case FTS_SL:
1052         case FTS_SLNONE:
1053             if (lchown(p->fts_path, -1, gid) != 0) {
1054                 PLOG(WARNING) << "Failed to chown " << p->fts_path;
1055             }
1056             break;
1057         }
1058     }
1059     fts_close(fts);
1060     return 0;
1061 }
1062 
1063 static const char* kProcFilesystems = "/proc/filesystems";
supports_sdcardfs()1064 bool supports_sdcardfs() {
1065     std::string supported;
1066     if (!android::base::ReadFileToString(kProcFilesystems, &supported)) {
1067         PLOG(ERROR) << "Failed to read supported filesystems";
1068         return false;
1069     }
1070     return supported.find("sdcardfs\n") != std::string::npos;
1071 }
1072 
get_occupied_app_space_external(const std::string & uuid,int32_t userId,int32_t appId)1073 int64_t get_occupied_app_space_external(const std::string& uuid, int32_t userId, int32_t appId) {
1074     static const bool supportsSdcardFs = supports_sdcardfs();
1075 
1076     if (supportsSdcardFs) {
1077         int extGid = multiuser_get_ext_gid(userId, appId);
1078 
1079         if (extGid == -1) {
1080             return -1;
1081         }
1082 
1083         return GetOccupiedSpaceForGid(uuid, extGid);
1084     } else {
1085         uid_t uid = multiuser_get_uid(userId, appId);
1086         long projectId = uid - AID_APP_START + PROJECT_ID_EXT_DATA_START;
1087         return GetOccupiedSpaceForProjectId(uuid, projectId);
1088     }
1089 }
get_occupied_app_cache_space_external(const std::string & uuid,int32_t userId,int32_t appId)1090 int64_t get_occupied_app_cache_space_external(const std::string& uuid, int32_t userId, int32_t appId) {
1091     static const bool supportsSdcardFs = supports_sdcardfs();
1092 
1093     if (supportsSdcardFs) {
1094         int extCacheGid = multiuser_get_ext_cache_gid(userId, appId);
1095 
1096         if (extCacheGid == -1) {
1097             return -1;
1098         }
1099 
1100         return GetOccupiedSpaceForGid(uuid, extCacheGid);
1101     } else {
1102         uid_t uid = multiuser_get_uid(userId, appId);
1103         long projectId = uid - AID_APP_START + PROJECT_ID_EXT_CACHE_START;
1104         return GetOccupiedSpaceForProjectId(uuid, projectId);
1105     }
1106 }
1107 
1108 // Collect all non empty profiles from the given directory and puts then into profile_paths.
1109 // The profiles are identified based on PROFILE_EXT extension.
1110 // If a subdirectory or profile file cannot be opened the method logs a warning and moves on.
1111 // It returns true if there were no errors at all, and false otherwise.
collect_profiles(DIR * d,const std::string & current_path,std::vector<std::string> * profiles_paths)1112 static bool collect_profiles(DIR* d,
1113                              const std::string& current_path,
1114                              std::vector<std::string>* profiles_paths) {
1115     int32_t dir_fd = dirfd(d);
1116     if (dir_fd < 0) {
1117         return false;
1118     }
1119 
1120     bool result = true;
1121     struct dirent* dir_entry;
1122     while ((dir_entry = readdir(d))) {
1123         std::string name = dir_entry->d_name;
1124         std::string local_path = current_path + "/" + name;
1125 
1126         if (dir_entry->d_type == DT_REG) {
1127             // Check if this is a non empty profile file.
1128             if (EndsWith(name, PROFILE_EXT)) {
1129                 struct stat st;
1130                 if (stat(local_path.c_str(), &st) != 0) {
1131                     PLOG(WARNING) << "Cannot stat local path " << local_path;
1132                     result = false;
1133                     continue;
1134                 } else if (st.st_size > 0) {
1135                     profiles_paths->push_back(local_path);
1136                 }
1137             }
1138         } else if (dir_entry->d_type == DT_DIR) {
1139             // always skip "." and ".."
1140             if (name == "." || name == "..") {
1141                 continue;
1142             }
1143 
1144             unique_fd subdir_fd(openat(dir_fd, name.c_str(),
1145                     O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC));
1146             if (subdir_fd < 0) {
1147                 PLOG(WARNING) << "Could not open dir path " << local_path;
1148                 result = false;
1149                 continue;
1150             }
1151 
1152             DIR* subdir = Fdopendir(std::move(subdir_fd));
1153             if (subdir == nullptr) {
1154                 PLOG(WARNING) << "Could not open dir path " << local_path;
1155                 result = false;
1156                 continue;
1157             }
1158             bool new_result = collect_profiles(subdir, local_path, profiles_paths);
1159             result = result && new_result;
1160             if (closedir(subdir) != 0) {
1161                 PLOG(WARNING) << "Could not close dir path " << local_path;
1162             }
1163         }
1164     }
1165 
1166     return result;
1167 }
1168 
collect_profiles(std::vector<std::string> * profiles_paths)1169 bool collect_profiles(std::vector<std::string>* profiles_paths) {
1170     DIR* d = opendir(android_profiles_dir.c_str());
1171     if (d == nullptr) {
1172         return false;
1173     } else {
1174         return collect_profiles(d, android_profiles_dir, profiles_paths);
1175     }
1176 }
1177 
drop_capabilities(uid_t uid)1178 void drop_capabilities(uid_t uid) {
1179     if (setgid(uid) != 0) {
1180         PLOG(ERROR) << "setgid(" << uid << ") failed in installd during dexopt";
1181         exit(DexoptReturnCodes::kSetGid);
1182     }
1183     if (setuid(uid) != 0) {
1184         PLOG(ERROR) << "setuid(" << uid << ") failed in installd during dexopt";
1185         exit(DexoptReturnCodes::kSetUid);
1186     }
1187     // drop capabilities
1188     struct __user_cap_header_struct capheader;
1189     struct __user_cap_data_struct capdata[2];
1190     memset(&capheader, 0, sizeof(capheader));
1191     memset(&capdata, 0, sizeof(capdata));
1192     capheader.version = _LINUX_CAPABILITY_VERSION_3;
1193     if (capset(&capheader, &capdata[0]) < 0) {
1194         PLOG(ERROR) << "capset failed";
1195         exit(DexoptReturnCodes::kCapSet);
1196     }
1197 }
1198 
1199 }  // namespace installd
1200 }  // namespace android
1201